
Lost communication with CBS350 switch after changing interfaces to L3

TechFrank
Level 1

Hi all, I think I'm being stupid and missing something obvious, so please help me realize what I'm doing wrong.

I have configured a CBS350 switch stack with 4 switches. I have assigned all of my untagged and tagged VLANs using general ports.

I have configured IP routing and have set up an IP interface for each VLAN. 

I need to work out inter VLAN routing, so I put all my interfaces into L3 mode from L2, and I subsequently lose connection to the switch and am unable to ping the interface IP of the untagged port I'm plugged into. Is there anything obvious which I'm doing wrong here? And am I on the right track for enabling inter VLAN routing?


You only need to configure switch mode to L3 and create VLAN interfaces for the respective VLANs to enable inter VLAN routing for VLANs. You need to connect to the switch using a console connection, configure 1 port to the management VLAN, and connect through that to switch management.

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB

It's not possible to put the CBS350 switch into L3 mode. L3 is only a per port option, unlike on the SG300 series where L3 was an entire switch option.

I already have a number of ports which are untagged on VLAN1, which is the management VLAN. I'm able to manage the switch via these ports until I switch them to L3 ports; I then lose connection with the switch. When I check via serial connection, the ports are still members of the management VLAN (VLAN1). The only thing which changes is the switchport configuration (changed from 'switchport' / L2 mode to 'no switchport' / L3 mode).

If so, you can use VLAN interfaces with the relevant gateway IP addresses to do the routing part. There is no need to convert ports to L3 mode, because if you use 'no switchport', the port will not use any VLANs; it will work as a separate routing port which needs an IP address.

 

Check this for more details about IPv4 interfaces:

https://www.cisco.com/c/en/us/td/docs/switches/lan/csbms/CBS_250_350/Administration-Guide/cbs-350/cbs_350_chapter_14.html

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB

AAH! That's the key right there! I didn't realize that the port wouldn't use VLANs if it was in L3 mode. That is confusing! So just one more thing to clarify - if I want inter VLAN routing, I only need an interface IP on the VLANs I need to route amongst one another. And to assign ports for inter VLAN routing, I would need to make sure these ports were members of the VLANs I need to route between.

Example - I need VLAN 200 to communicate to VLAN 20. If I have a port which is Untagged VLAN1 and I tag it with VLAN 20 and VLAN 200 then a machine on this port will be able to communicate with subnets on VLAN 1, 20 and 200 (assuming each of those VLANs have IP addresses assigned and IP routing is enabled).

Yes. Your VLAN gateway IPs need to be configured in VLAN interfaces, and the required ports need to be assigned to the required VLANs.

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB
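The setup the replies above describe, written out as an added configuration example (not posted by anyone in the thread): VLAN interfaces carry the gateway addresses, `ip routing` is enabled, and host ports stay in L2 `switchport` mode. VLAN IDs 20 and 200 come from the thread; the subnets and port numbers are constructed placeholders.

```text
! Added illustration; addresses and port numbers are constructed placeholders.
configure terminal
vlan database
 vlan 20,200
 exit
! Enable IPv4 routing between the switch's VLAN interfaces
ip routing
! One VLAN interface (gateway address) per routed VLAN
interface vlan 20
 ip address 192.168.20.1 255.255.255.0
 exit
interface vlan 200
 ip address 192.168.200.1 255.255.255.0
 exit
! Host ports remain L2 ('switchport'); 'no switchport' would detach them from all VLANs
interface GigabitEthernet1/0/5
 switchport mode access
 switchport access vlan 20
 exit
interface GigabitEthernet1/0/6
 switchport mode access
 switchport access vlan 200
 exit
exit
! Verify the VLAN interfaces are up and the connected routes are present
show ip interface
show ip route
```

Each host then uses the VLAN interface address of its own VLAN as its default gateway.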

I agree with @Kasun Bandara that the essential thing is that each vlan should have a vlan interface with an IP address assigned, that routing needs to be enabled, and that physical ports/interfaces need to be access ports (L2 mode). I am puzzled about the follow up question "If I have a port which is Untagged VLAN1 and I tag it with VLAN 20 and VLAN 200". What do you mean about tagging with vlan 20 and 200? If routing is enabled and each vlan has a vlan interface with an IP address assigned, then any device in vlan 1 can automatically communicate with devices in vlans 20 and 200. No further configuration (tagging etc) is required.

HTH

Rick

My experience is different to how you describe. After configuring the multiple VLANs and interface IPs, I'm not able to ping those interface IPs from other VLANs unless I tag the relative VLANs on the port I'm plugged in to.

Also, say I had 10 VLANs and wanted communication between VLANs 2, 3 and 4, and VLANs 5, 6 and 7, but didn't want VLANs from this second group (5, 6 and 7) to be able to communicate with any VLANs from the first group (2, 3 and 4). Would I use community VLANs in this instance?

I do not understand this part of your response: "unless I tag the relative VLANs on the port I'm plugged in to." Perhaps this is a semantic issue. From my perspective tagging involves adding a tag indicating vlan membership when a frame is transmitted over a trunk interface. From your perspective is tagging something different? If so what does it mean to you?

Your follow up question is interesting and complicated. If routing is enabled then by default any vlan/subnet can communicate with any vlan/subnet. If you want some group of vlan/subnets to communicate with some other vlan/subnets but prevent communication with other vlan/subnets it is tricky. The challenge is that you need to treat differently depending on whether the frame was originating a connection or responding in a connection. Community vlans is an interesting possibility. Otherwise you probably need something that does stateful inspection. And that is hard to find on switches.

HTH

Rick